Resubmissions
01/04/2025, 21:24
250401-z8184awycs 10Analysis
-
max time kernel
117s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
25/02/2025, 23:21
General
-
Target
CVE-2018-15982_PoC.swf
-
Size
12KB
-
MD5
82fe94beb621a4368e76aa4a51998c00
-
SHA1
b7c79b8f05c3d998e21d01b07b9ba157160581a9
-
SHA256
c61dd1b37cbf2d72e3670e3c8dff28959683e6d85b8507cda25efe1dffc04bdb
-
SHA512
055677c2194ff132dc3c50ef900a36a0e4b8e5b85d176047fdefdec049aff4d5e2db1ccffefaf65575b4ca41e81fd24beb3c7cfd2fce6275642638d0cf624d27
-
SSDEEP
192:gR6qPBBRRcrxFx/pHPn9moz7p/+tqHM41rftZDBLj9b5d/:gwqDcLx/pH/IoBiqH/BfbDBLj9b5h
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf3⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
Filesize
344B
MD50b8104eb7626f4c35d1d71cd66d903ce
SHA1bcff82ced70a1250519059a4962426b979193dfe
SHA256e81a183f3e15147bd00ec10930fd185d1d35b40653b18273dbc8d078944b9cbc
SHA512d802c8de53eae8d01f65313fb94b9e149e33e8f352a09bb54ab7e92d434028716828eac5bb59bb8303bbcee3b86066bdf8d771d58534959c6589706fedf44f2a
-
Filesize
344B
MD5703581ae087ef3e7fcd7a2be3fa4729c
SHA14d9ba9ca5caeb33237666126095e57623ef6a510
SHA2569f4009da1e367a5f1bfc50cdc57ea07df5027d563be6a6925284901b4a7bfd67
SHA512ae73724cf9b99474f1bcb161c1d44428f7c253111b3bd78b12846910bc60f382987b0f9f2ecd24c53f07d2a54163de906b858ce7c330c477ad9d34a1261fc886
-
Filesize
344B
MD5fa427090351abc11cf55300e67e6e81e
SHA176b6259fb1eee29deb3c7604fdadeab661e9327b
SHA256cde8d725cadf584ee3626677f23f0bea9ac0e704b90fa02ed9f364ce6edafd33
SHA51275aac90f9141eabce4d53ab097c8e20410b0ce84b2bd8e4546517a6a85363041a63ab961c0ceeebdf802cdffa665fd98f36fd45ee6637b76a8474d1da1d00601
-
Filesize
344B
MD5439ff27c6695dd5cb26ec5275d4db17b
SHA1ff9df9829536c349f3a271a2f0394f811b1171b9
SHA25691978ec00604addb403d614aab927b7bc31357f34db7e6e665222d5b7a603da7
SHA512aebc7cdec730264e096a92221142c862aad44f5ba1d0de021a5b1d44c0986b917b3b29c1f01c852ef4bd23c80fe410cd5595b79db6198933b4d76dd709e1accf
-
Filesize
344B
MD560c8bc87d0c324b7690f165a107a4e57
SHA1ae07b8b52ff0c05a913902ce31317d511e21a71c
SHA256e25df41eab846c716c30ef4a40adc9257c0473d5c2e537747063bc3ee81fcb4b
SHA51261c18f9af2906a01c083a071e8258b6966da43d785797d9d40d2099374dae8919d84528840d163f8fa3f5ef2bc1e7c9fd1a395636b9cb3446ff6303de31b31a1
-
Filesize
344B
MD5981632c681c48430ffedcae33c655a0e
SHA15bcb7973a41ddf6993b52b98f6227b7ed24a186c
SHA256989df5fb5dfb463612ad146ea9d6b6066d6f5cc1df1f5a977a411243aff99331
SHA5122b22a1e7031ef68af67cbfda71b880e2eb12845c433b30de3cac61310b2a28eb3b334d034ab8db090759952ae05f80ba8bcc594307847242dfec64e1de780c2c
-
Filesize
344B
MD5ab1ac126ee3a5b8e37fb3c51ee539956
SHA149dcc006069c45a7479ce7c89acfd9bdd9bf37e2
SHA256cee4c26957125a8dc231ad5c0dde1a909a4562fadff09570f67c7853b278eea4
SHA51265a7cb82775a30df7ee17058d198f489dee38c6f2f031add26dc46447d817fb95fcaca6494eac1d3c38b4847278cc58b91c125b13a3e016ceab9b42a366a8772
-
Filesize
344B
MD5eeeb6831f69180240d750466c443aaa3
SHA11eab04499cd457629d41ad9ccbcc16cb2d26d8ea
SHA2568c2a0f3543962f618487f9e1c6c06bc5fc5839a90eeb6dc6c96849a35ff3d328
SHA512a1dbfa0cd841db1fdd6bc3fbea237a8a0d560cb873a4684be0366bb161a649f5af5903c37d47844c00e0bb1a4a2b9dfa82b8dada7d5c63ebfc3d2bae76429ef8
-
Filesize
344B
MD5b6326fde09334d838062618e0c46f43f
SHA1e884633419f0c000b50c3df951e28d4107063318
SHA256f8a170a6510af8de40d5e63f18c88decc80083494052612370cbde2da5faadd9
SHA5121384f5a4dce40fb163a070f3ca4a142989ea90fe9e2310bc52358cb47dc688898e7a61f23abac15c4ebf7b9c1a1dd45baff7cb02c6306c0f7185a0c2f0d60368
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc